Make Default identity-assertion provider actually be the default

When an identity-assertion provider is not configured in a topology, it is indeterministic as to which it will choose. It appears to often select a JWT related provider currently which actually needs to be removed.

We need to ensure that when there is no identity assertion provider configured that the Default provider be picked up. This will make it deterministic as well as simplify many topologies by not requiring it to be configured.